[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blocking icmp...

On Sun, May 25, 2003 at 01:09:29PM -0400, Kevin McKinley wrote:
> On Sun, 25 May 2003 07:31:02 -0700
> Paul Johnson <baloo@ursine.dyndns.org> wrote:
> > On Sun, May 25, 2003 at 09:56:07PM +0800, Hanz wrote: 
> > > In setting up a firewall will there be any negative side effects if
> > > i block icmp?
> > 
> > Well, other than it breaking the TCP/IP standard and making some
> > servers think you don't exist (some ping back), no.
> 
> How would declining to answer pings "break the TCP/IP standard"? That's like
> saying if you don't answer the telephone you're breaking the telephone
> standard.

Obviously it only counts if you're sending or receiving other packets.
RFC 1122, a.k.a. STD 3, "Requirements for Internet Hosts --
Communication Layers":

         3.2.2.6  Echo Request/Reply: RFC-792

            Every host MUST implement an ICMP Echo server function that
            receives Echo Requests and sends corresponding Echo Replies.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: